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Remarks 

Claims 1, 2, 5, 7-9, 11-17, 20-25, and 29-35 are pending. 

Response to Arguments 

1 . Applicant's arguments filed 9/12/2007 have been fully considered but they are 
not persuasive. 

Applicant argues that the client side application of Steele is temporary and 
specific to a browser session. Whether the client-side application (intermediary proxy 
server) is temporary or specific to a browser session is insignificant, since it has the 
ability to perform the claimed limitations. 

Applicant argues that Steele is not capable of requesting a certificate and signed 
content from a protection server over a secure connection. The cited portion (Column 
8, lines 1-24) explicitly discloses that the client-side application performs an 
authentication procedure with the host server. One example given here is the use of 
SSL, which is more fully described in Yasala as pertaining to the exchange of 
certificates in order to authenticate entities. 

Applicant argues that Steele lacks an API for communicating with a service 
provider. Steele teaches use of an API for communications in Column 8, lines 25-45, 
one example of an API used in the system being SOAP (Simple Object Access 
Protocol). Other portions of Steele show this API being used by various entities for 
various reasons. Column 12, lines 4-16, for example, shows a service provider 
interacting with the host server via SOAP. 
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Applicant also argues that the host server does not deliver personal profile data 
to a requesting service provider according to user preferences or in such a way that 
there is no association between the personal profile data and the user. The use of 
alternative language here "or" is the focus of this limitation. The cited portions of Steele 
(Column 9, line 42 to Column 10, line 52; and Column 12, lines 4-16), as well as other 
portions, clearly show the host server delivering personal profile data to a service 
provider according to user preferences. 

Applicant argues that Yasala does not disclose protecting user profile data. One 
will note that Steele was cited as rejection of such a limitation. 

Claim Rejections - 35 (JSC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1, 2, 5, 7-9, 11, 12, 20, 23, 24, 30, 31, and 33-35 are rejected under 35 

U.S.C. 103(a) as being unpatentable over Steele (U.S. Patent 7,016,877) in view of 

Yasala (U.S. Patent Application Publication 2003/0188156). 

Regarding Claim 1, 

Steele discloses an arrangement for protection of end user 

personal profile data in a communication system including a number of 

end user stations and a number of service/information/content providers or 



Application/Control Number: 10/603,447 Page 4 

Art Unit: 2137 

holding means holding end user personal profile data, the arrangement 
comprising: 

An intermediary proxy server supporting a first communication 
protocol for end user station communication (Figure 8, numeral 105; and 
Column 7, line 46 to Column 8, line 24); 

A protection server, for protecting end user personal profile data, 
supporting a second communication protocol for communication with the 
intermediary proxy server and a third communication protocol for 
communication with one of the service/information/content providers, the 
protection server further comprises an API allowing 
service/information/content provider queries/interactions, and storing 
means for storing of end user specific data and end user personal profile 
data (Figure 8, numerals 102 and 108; Column 8, line 25 to Column 9, line 
57; and Column 12, lines 4-16); 

Wherein the service/information/content provider can request, via 
the API, personal profile data, which is delivered according to end user 
preferences or delivered having no association between the actual end 
user and the personal profile data of the end user (Column 9, line 42 to 
Column 10, line 52; and Column 12, lines 4-16); 

The intermediary proxy server performing authentication via 
certificates and/or SSL (Column 8, lines 1-24); 
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But does not explicitly disclose the protection server having a 
protection certificate and the verification of such certificate. 

Yasala, however, discloses the protection server having a 
protection certificate (Paragraphs 27-31); 

Means for providing published certificates to the intermediary proxy 
server (Paragraphs 27-31); and 

The intermediary proxy server comprising means for verifying the 
authenticity of the protection certificate requested over the second 
communication protocol from the protection server against a published 
certificate; and responsive to receipt of a verified genuine protection 
certificate of the protection server, allowing authenticated communications 
to commence (Paragraphs 27-31). It would have been obvious to one of 
ordinary skill in the art at the time of applicant's invention to incorporate 
the authentication and authorization system of Yasala into the trusted 
brokering system of Steele in order to provide strong mutual 
authentication and/or authorization of both entities such that a secure 
channel can be formed, while allowing each system to decide who it trusts 
and does not trust. 
Regarding Claim 2, 

Steele as modified by Yasala discloses the arrangement of claim 1 , 
in addition, Steele discloses that the first communication protocol is a 
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secure protocol (Figure 8, numeral 105; and Column 7, line 46 to Column 
8, line 24). 
Regarding Claim 5, 

Steele as modified by Yasala discloses the arrangement of claim 1 , 
in addition, Yasala discloses that the second communication protocol is a 
secure protocol (Paragraphs 27-31). 
Regarding Claim 7, 

Steele as modified by Yasala discloses the arrangement of claim 1 , 
in addition, Steele discloses that the intermediary proxy server is an HTTP 
proxy (Figure 8; numeral 105; and Column 7, line 46 to Column 8, line 44). 
Regarding Claim 8, 

Steele as modified by Yasala discloses the arrangement of claim 1 , 
in addition, Yasala discloses that the intermediary proxy server comprises 
holding means for holding published certificates (Paragraphs 25-31). 
Regarding Claim 9, 

Steele as modified by Yasala discloses the arrangement of claim 1 , 
in addition, Yasala discloses that the intermediary proxy server is in 
communication with external holding means holding published certificates 
(Paragraphs 22, 23, and 27-31). 
Regarding Claim 11, 

Steele as modified by Yasala discloses the arrangement of claim 1 , 
in addition, Steele discloses that the intermediary proxy server is located 
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within an intranet or at the operator's premises (Figure 8, numeral 105; 
and Column 7, line 46 to Column 8, line 24). 

Regarding Claim 12, 

Steele as modified by Yasala discloses the arrangement of claim 1 , 
in addition, Steele discloses that the intermediary proxy server comprises 
a functionality for establishing a security communication agreement with 
the protection server (Figure 8, numeral 105; and Column 7, line 46 to 
Column 8, line 24); and Yasala discloses that the intermediary proxy 
server comprises a functionality for establishing a security communication 
agreement with the protection server (Paragraphs 27-31). 

Regarding Claim 20, 

Steele as modified by Yasala discloses the arrangement of claim 1 , 
in addition, Steele discloses that the protection server storing means 
comprises at least three tables containing information about end user 
specific data, personal profile data information and historical data 
respectively (Figure 3-4; and Column 14, line 10 to Column 16, line 4). 

Regarding Claim 23, 

Steele discloses a method for protection of end user personal 
profile data in a communication system with a number of end user stations 
and a number of service/information/content providers, the method 
comprising the steps of: 
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Providing communication from an intermediary proxy server in 
communication with an end user station using a first communication 
protocol, to a protection server for protecting end user personal profile 
data over a second communication protocol (Column 7, line 46 to Column 
8, line 59); 

Providing a response from the protection server to the intermediary 
proxy server (Column 7, line 46 to Column 8, line 59); 

Allowing a service provider to retrieve end user data and personal 
profile data from the protection server according to policy setting and end 
user privacy level over an API and a third communication protocol 
(Column 9, line 42 to Column 10, line 52; and Column 12, lines 4-16); and 

The intermediary proxy server performing authentication via 
certificates and/or SSL (Column 8, lines 1-24); 

But does not explicitly disclose the protection server having a 
protection certificate and the verification of such certificate. 

Yasala, however, discloses registering a certificate for a protection 
server with a trusted third party (Paragraphs 27-31); 

Providing a request for the certificate from the intermediary proxy 
server to the protection server (Paragraphs 27-31); 

Providing a response from the protection server to the intermediary 
proxy server (Paragraphs 27-31); 
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Verifying, in the intermediary proxy server that the certificate is 
genuine, thereby belonging to the respective protection server and is 
registered with the trusted third party (Paragraphs 27-31); 

After confirmation that the protection server certificate is genuine, 
allowing authenticated communications to commence (Paragraphs 27-31). 
It would have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the authentication and authorization 
system of Yasala into the trusted brokering system of Steele in order to 
provide strong mutual authentication and/or authorization of both entities 
such that a secure channel can be formed, while allowing each system to 
decide who it trusts and does not trust. 

Regarding Claim 24, 

Steele as modified by Yasala discloses the method of claim 23, in 
addition, Steele discloses establishing an end user personal profile data 
security agreement between the intermediary proxy server and the 
protection server (Figure 8, numeral 105; and Column 7, line 46 to Column 
8, line 24); and Yasala discloses establishing an end user personal profile 
data security agreement between the intermediary proxy server and the 
protection server (Paragraphs 27-31). 

Regarding Claim 30, 

Steele as modified by Yasala discloses the method of claim 23, in 
addition, Steele discloses providing an API at the protection server, using 
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the API for queries to the protection server from the service provider, and 
providing responses over the third communication protocol to the service 
provider (Column 9, line 42 to Column 10, line 52; and Column 12, lines 4- 
16). 

Regarding Claim 31, 

Steele as modified by Yasala discloses the method of claim 30, in 
addition, Steele discloses storing data in a number of tables in the 
protection server relating to user specific data, end user personal profile 
data, and statistical data (Figures 3-4; and Column 14, line 10 to Column 
16, line 4). 

Regarding Claim 33, 

Steele as modified by Yasala discloses the arrangement of claim 1 , 
in addition, Steele discloses that the intermediary proxy server is located 
within a personal environment of the end user (Figure 8, numeral 105; and 
Column 7, line 46 to Column 8, line 24). 

Regarding Claim 34, 

Steele as modified by Yasala discloses the arrangement of claim 1 , 
in addition, Steele discloses that the intermediary proxy server is located 
within premises of the end user (Figure 8, numeral 105; and Column 7, 
line 46 to Column 8, line 24). 

Regarding Claim 35, 
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Steele as modified by Yasala discloses the arrangement of claim 1 , 
in addition, Steele discloses that the intermediary proxy server is located 
within an intranet utilized by the end user (Figure 8, numeral 105; and 
Column 7, line 46 to Column 8, line 24). 

3. Claims 2, 7, 1 1 , 14, 21 , 22, 29, 32, 34, and 35 are rejected under 35 U.S.C. 
103(a) as being unpatentable over Steele in view of Yasala, further in view of Gabber 
(U.S. Patent 5,961,593). 
Regarding Claim 2, 

Steele as modified by Yasala does not disclose that the first 
communication protocol is a secure protocol outside the user's computer. 

Gabber, however, discloses that the first communication protocol is 
a secure protocol outside the user's computer (Column 13, lines 15-53). It 
would have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the proxy server system of Gabber into 
the trusted brokering system of Steele as modified by Yasala in order to 
allow the user to obtain anonymous personalized browsing through a local 
proxy which the user trusts, thereby allowing the user to acquire 
personalized services without an entity outside the user's trusted space 
knowing the user's identity. 
Regarding Claim 7, 
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Steele as modified by Yasala does not disclose that the 
intermediate proxy server is an HTTP proxy outside the user's computer. 

Gabber, however, discloses that the intermediary proxy server is an 
HTTP proxy outside the user's computer (Column 6, line 59 to Column 7, 
line 18; and Column 13, lines 15-53). It would have been obvious to one 
of ordinary skill in the art at the time of applicant's invention to incorporate 
the proxy server system of Gabber into the trusted brokering system of 
Steele as modified by Yasala in order to allow the user to obtain 
anonymous personalized browsing through a local proxy which the user 
trusts, thereby allowing the user to acquire personalized services without 
an entity outside the user's trusted space knowing the user's identity. 
Regarding Claim 11, 

Steele as modified by Yasala does not disclose that the 
intermediary proxy server is a proxy server outside the user's computer 
and located within an intranet or at the operator's premises. 

Gabber, however, discloses that the intermediary proxy server is 
outside the user's computer and located within an intranet or at the 
operator's premises (Column 13, lines 15-53). It would have been obvious 
to one of ordinary skill in the art at the time of applicant's invention to 
incorporate the proxy server system of Gabber into the trusted brokering 
system of Steele as modified by Yasala in order to allow the user to obtain 
anonymous personalized browsing through a local proxy which the user 
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trusts, thereby allowing the user to acquire personalized services without 
an entity outside the user's trusted space knowing the user's identity. 
Regarding Claim 14, 

Steele as modified by Yasala does not disclose that user 
preferences related to privacy level are stored in the intermediary proxy 
server. 

Gabber, however, discloses that user preferences related to privacy 
level are stored in the intermediary proxy server (Column 11, lines 15-67; 
and Column 13, lines 15-53). It would have been obvious to one of 
ordinary skill in the art at the time of applicant's invention to incorporate 
the proxy server system of Gabber into the trusted brokering system of 
Steele as modified by Yasala in order to allow the user to obtain 
anonymous personalized browsing through a local proxy which the user 
trusts, thereby allowing the user to acquire personalized services without 
an entity outside the user's trusted space knowing the user's identity. 
Regarding Claim 21, 

Steele as modified by Yasala does not explicitly disclose that the 
end user specific data and end user personal profile data are provided to 
the service provider in such a manner that the end user cannot be traced 
by the service provider. 

Gabber, however, discloses that the end user specific data and end 
user personal profile data are provided to the service provider in such a 
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manner that the end user cannot be traced by the service provider 
(Column 5, line 17 to Column 6, line 17; Column 6, line 59 to Column 7, 
line 18; Column 11, lines 15-67; and Column 13, lines 15-53). It would 
have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the proxy server system of Gabber into 
the trusted brokering system of Steele as modified by Yasala in order to 
allow the user to obtain anonymous personalized browsing through a local 
proxy which the user trusts, thereby allowing the user to acquire 
personalized services without an entity outside the user's trusted space 
knowing the user's identity. 
Regarding Claim 22, 

Steele as modified by Yasala and Gabber discloses the 
arrangement of claim 21 , in addition, Gabber discloses that the protection 
server comprises means for pseudonymizing statistical information and 
personal profile information by using a unique pseudo for each URL of the 
service provider that is requested (Column 5, line 17 to Column 6, line 17; 
Column 6, line 59 to Column 7, line 18; Column 11, lines 15-67; and 
Column 13, lines 15-53). 
Regarding Claim 29, 

Steele as modified by Yasala may not disclose that the end user 
preferences are stored in the end user station or in the intermediary proxy 



Application/Control Number: 10/603,447 Page 15 

Art Unit: 2137 

server, and in that they can be separately stored after confirmation of the 
agreement. 

Gabber, however, discloses that the end user preferences are 
stored in the end user station or in the intermediary proxy serveV, and in 
that they can be separately stored after confirmation of an agreement 
(Column 5, line 17 to Column 6, line 17; Column 6, line 59 to Column 7, 
line 18; Column 11, lines 15-67; and Column 13, lines 15-53). It would 
have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the proxy server system of Gabber into 
the trusted brokering system of Steele as modified by Yasala in order to 
allow the user to obtain anonymous personalized browsing through a local 
proxy which the user trusts, thereby allowing the user to acquire 
personalized services without an entity outside the user's trusted space 
knowing the user's identity. 
Regarding Claim 32, 

Steele as modified by Yasala does not explicitly disclose 
pseudonymizing statistical data and profile information such that the end 
user personal data cannot be associated or tied to the actual end user. 

Gabber, however, discloses pseudonymizing statistical data and 
profile information such that the end user personal data cannot be 
associated or tied to the actual end user (Column 5, line 17 to Column 6, 
line 1 7; Column 6, line 59 to Column 7, line 1 8; Column 1 1 , lines 1 5-67; 
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and Column 13, lines 15-53). It would have been obvious to one of 
ordinary skill in the art at the time of applicant's invention to incorporate 
the proxy server system of Gabber into the trusted brokering system of 
Steele as modified by Yasala in order to allow the user to obtain 
anonymous personalized browsing through a local proxy which the user 
trusts, thereby allowing the user to acquire personalized services without 
an entity outside the user's trusted space knowing the user's identity. 
Regarding Claim 34, 

Steele as modified by Yasala does not disclose that the 
intermediary proxy server is outside the user's computer. 

Gabber, however, discloses that the intermediary proxy server is 
outside the user's computer and located within premises of the user 
(Column 13, lines 15-53). It would have been obvious to one of ordinary 
skill in the art at the time of applicant's invention to incorporate the proxy 
server system of Gabber into the trusted brokering system of Steele as 
modified by Yasala in order to allow the user to obtain anonymous 
personalized browsing through a local proxy which the user trusts, thereby 
allowing the user to acquire personalized services without an entity 
outside the user's trusted space knowing the user's identity. 
Regarding Claim 35, 

Steele as modified by Yasala does not disclose that the 
intermediary proxy server is outside the user's computer. 
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Gabber, however, discloses that the intermediary proxy server is 
outside the user's computer and located within an intranet utilized by the 
user (Column 13, lines 15-53). It would have been obvious to one of 
ordinary skill in the art at the time of applicant's invention to incorporate 
the proxy server system of Gabber into the trusted brokering system of 
Steele as modified by Yasala in order to allow the user to obtain 
anonymous personalized browsing through a local proxy which the user 
trusts, thereby allowing the user to acquire personalized services without 
an entity outside the user's trusted space knowing the user's identity. 

4. Claims 13, 15-17, and 25 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Steele in view of Yasala, further in view of P3P (P3P 1 .0: A New 
Standard in Online Privacy", 9/13/2000, pp. 1-6). 
Regarding Claim 13, 

Steele as modified by Yasala discloses the arrangement of claim 
12, in addition, Steele discloses that the user preferences are stored in the 
end user station (Column 5, lines 31-43; and Column 7, line 24 to Column 
8, line 24); and Yasala discloses that the user preferences are stored in 
the end user station (Paragraphs 34-39). 

P3P also discloses that the user preferences are stored in the end 
user station (Pages 1-5). It would have been obvious to one of ordinary 
skill in the art at the time of applicant's invention to incorporate the privacy 
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standard of P3P into the trusted brokering system of Steele as modified by 
Yasala in order to allow the system to interoperate with other privacy 
systems that implement the P3P standard, and/or to inform the user of 
web site information policies. 

Regarding Claim 15, 

Steele as modified by Yasala and P3P discloses the arrangement 
of claim 13, in addition, P3P discloses that user preferences relating to 
privacy level are stored in separate fast access storing means after 
completion of the security communication agreement (Pages 1-5). 

Regarding Claim 16, 

Steele as modified by Yasala and P3P discloses the arrangement 
of claim 15, in addition, Steele discloses that the protection server 
comprises an API allowing service provider control of site and page 
policies, and if the end user privacy level is increased, data below the 
privacy level is deleted (Column 4, line 56 to Column 5, line 43; Column 9, 
line 42 to Column 10, line 52; and Column 12, lines 4-16). 

Regarding Claim 17, 

Steele as modified by Yasala and P3P discloses the arrangement 
of claim 16, in addition, Yasala discloses that the protection server 
provides certificates, and preferably signatures upon request by the 
intermediary proxy server (Paragraphs 27-31). 

Regarding Claim 25, 
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Steele as modified by Yasala does not explicitly disclose that the 
agreement comprises a P3P agreement. 

P3P, however, discloses that the end user personal profile data 
security agreement comprises a P3P agreement (Pages 1-5). It would 
have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the privacy standard of P3P into the 
trusted brokering system of Steele as modified by Yasala in order to allow 
the system to interoperate with other privacy systems that implement the 
P3P standard, and/or to inform the user of web site information policies. 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jeffrey D. Popham whose telephone number is (571)- 

272- 7215. The examiner can normally be reached on M-F 9:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571)272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 

273- 8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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